A Graph Data Model for Attack Graph Generation and Analysis

  • Mridul Sankar Barik
  • Chandan Mazumdar
Part of the Communications in Computer and Information Science book series (CCIS, volume 420)


Attack graph is a useful tool for enumerating multi-stage, multi-host attacks in organizational networks. It helps in understanding the diverse nature of threats and to decide on countermeasures which require on-the-fly implementation of custom algorithms for attack graph analysis. Existing approaches on interactive analysis of attack graph use relational database which lack data structures and operations related to graph. Graph databases enable storage of graph data and efficient querying of such data. In this paper, we present a graph data model for representing input information for attack graph generation. Also, we show how graph queries can be used to generate attack graph and facilitate its analysis.


Attack Graph Graph Database Graph Query 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chen, B., Yegneswaran, V., Barford, P., Ramakrishnan, R.: Toward a Query Language for Network Attack Data. In: Proceedings of the 22nd International Conference on Data Engineering Workshops, pp. 28–28. IEEE Press, New York (2006)Google Scholar
  2. 2.
    Chen, F., Su, J., Zhang, Y.: A Scalable Approach to Full Attack Graphs Generation. In: Massacci, F., Redwine Jr., S.T., Zannone, N. (eds.) ESSoS 2009. LNCS, vol. 5429, pp. 150–163. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Idika, N., Bhargava, B.: Extending Attack Graph-Based Security Metrics and Aggregating Their Application. IEEE Transaction on Dependable and Secure Computing 9(1), 75–85 (2012)CrossRefGoogle Scholar
  4. 4.
    Jajodia, S., Noel, S., O’Berry, B.: Topological Analysis of Network Attack Vul-nerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats. LNCS, pp. 247–266. Springer (2005)Google Scholar
  5. 5.
    Joslyn, C., Choudhury, S., Haglin, D., Howe, B., Nickless, B., Olsen, B.: Massive scale cyber traffic analysis: a driver for graph database research. In: First International Workshop on Graph Data Management Experiences and Systems, pp. 3:1–3:6. ACM, New York (2013)Google Scholar
  6. 6.
    Lippmann, R., Ingols, K., Scott, C., Piwowarski, K., Kratkiewicz, K., Artz, M., Cunningham, R.: Validating and restoring defense in depth using attack graphs. In: Proceedings of the IEEE Conference on Military Communications, pp. 981–990. IEEE Press, Piscataway (2006)Google Scholar
  7. 7.
    Neo4j Graph Database,
  8. 8.
    Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 336–345. ACM, New York (2006)CrossRefGoogle Scholar
  9. 9.
    Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 156–165. IEEE Press, New York (2000)Google Scholar
  10. 10.
    Sheyner, O., Haines, J.W., Jha, S., Lippmann, R., Wing, J.M.: Automated Generation and Analysis of Attack Graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273–284. IEEE Press, New York (2002)Google Scholar
  11. 11.
    Vicknair, C., Macias, M., Zhao, Z., Nan, X., Chen, Y., Wilkins, D.: A comparison of a graph database and a relational database: a data provenance perspective. In: Proceedings of the 48th Annual Southeast Regional Conference, pp. 42:1–42:6. ACM, New York (2010)Google Scholar
  12. 12.
    Wang, L., Liu, A., Jajodia, S.: An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts. In: Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 247–266. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Computer Communications 29(18), 3812–3824 (2006)CrossRefGoogle Scholar
  14. 14.
    Wang, L., Yao, C., Singhal, A., Jajodia, S.: Implementing interactive analysis of attack graphs using relational databases. Journal of Computer Security 16(4), 419–437 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Mridul Sankar Barik
    • 1
  • Chandan Mazumdar
    • 1
  1. 1.Dept. of Comp. Sc. and Engg.Jadavpur UniversityKolkataIndia

Personalised recommendations